Oracle® Data Provider for .NET Developer's Guide 11g Release 2 (11.2) Part Number E12249-01 |
|
|
View PDF |
An OraclePermission
object enables ODP.NET to enforce imperative security and helps ensure that a user has a security level adequate for accessing data.
Class Inheritance
System.Object
System.Security.CodeAccessPermission
System.Data.Common.DBDataPermission
Oracle.DataAccess.Client.OraclePermission
Declaration
// ADO.NET 2.0: C# public class OraclePermission: DBDataPermission
Thread Safety
All public static methods are thread-safe, although instance methods do not guarantee thread safety.
Requirements
Namespace: Oracle.DataAccess.Client
Assembly: Oracle.DataAccess
Microsoft .NET Framework Version: 2.0 or later
See Also:
OraclePermission
members are listed in the following tables.
OraclePermission Constructors
The OraclePermission
constructor is listed in Table 5-87.
Table 5-87 OraclePermission Constructor
Constructor | Description |
---|---|
Instantiates a new instance of the |
OraclePermission Static Methods
The OraclePermission
static methods are listed in Table 5-88.
Table 5-88 OraclePermission Static Methods
Static Method | Description |
---|---|
|
Inherited from |
|
Inherited from |
|
Inherited from |
|
Inherited from |
|
Inherited from |
|
Inherited from |
OraclePermission Public Properties
The OraclePermission
public methods are listed in Table 5-92.
Table 5-89 OraclePermission Public Properties
Public Properties | Description |
---|---|
|
Inherited from
|
OraclePermission Public Methods
The OraclePermission
public methods are listed in Table 5-90.
Table 5-90 OraclePermission Public Methods
Public Method | Description |
---|---|
Adds a new connection string fragment and a list of restricted keywords to the |
|
|
Inherited from |
Returns a copy of the current permission object |
|
|
Inherited from |
|
Inherited from |
|
Inherited from |
|
Inherited from |
|
Inherited from |
|
Inherited from |
|
Inherited from |
Returns a boolean value that indicates whether or not the current permission is a subset of the target permission |
|
|
Inherited from |
|
Inherited from |
|
Inherited from |
|
Inherited from |
|
Inherited from |
The OraclePermission
constructor instantiates a new instance of the OraclePermission
class.
Declaration
// C#
public OraclePermission (PermissionState state);
Parameters
state
The state
parameter takes one of the following two values: PermissionState.None
or PermissionState.Unrestricted
.
Exceptions
ArgumentException
- The PermissionState
value is invalid.
The OraclePermission
static methods are listed in Table 5-91.
Table 5-91 OraclePermission Static Methods
Static Method | Description |
---|---|
|
Inherited from |
|
Inherited from |
|
Inherited from |
|
Inherited from |
|
Inherited from |
|
Inherited from |
The OraclePermission
public methods are listed in Table 5-92.
Table 5-92 OraclePermission Public Properties
Public Properties | Description |
---|---|
|
Inherited from
|
The OraclePermission
public methods are listed in Table 5-93.
Table 5-93 OraclePermission Public Methods
Public Method | Description |
---|---|
Adds a new connection string fragment and a list of restricted keywords to the |
|
|
Inherited from |
Returns a copy of the current permission object |
|
|
Inherited from |
|
Inherited from |
|
Inherited from |
|
Inherited from |
|
Inherited from |
|
Inherited from |
|
Inherited from |
Returns a boolean value that indicates whether or not the current permission is a subset of the target permission |
|
|
Inherited from |
|
Inherited from |
|
Inherited from |
|
Inherited from |
|
Inherited from |
This method adds a new connection string fragment and a list of restricted keywords to the OraclePermission
object.
Declaration
// C# public void Add(string connStr, string keyRestrict, KeyRestrictionBehavior behavior);
Parameters
connStr
The connection string fragment.
keyRestrict
The key restrictions.
behavior
One of the following KeyRestrictionBehavior
enumerations:
AllowOnly
PreventUsage
Exceptions
ArgumentException
- The KeyRestrictionBehavior
value or the format of the connStr
or keyRestict
string is invalid.
Remarks
The Add
method configures the connection strings allowed or disallowed by the permission object.
Opening an OracleConnection
is allowed or denied based upon the connection string fragment, key restrictions combination, and the key restriction behavior.
In the following example, KeyRestrictionBehavior.AllowOnly
allows connection strings that use orcl
as the Data Source
with any User Id
and Password
combination but no other connection string keywords. Connection string keywords other than User Id
and Password
cause security exceptions.
orclPermission.Add("Data Source=orcl;","User Id=;Password=;", KeyRestrictionBehavior.AllowOnly);
In the next example, KeyRestrictionBehavior.PreventUsage
restricts connection strings that use the keyword Pooling
. Use of the Pooling
keyword causes an exception.
orclPermission.Add("Data Source=orcl;","Pooling=;", KeyRestrictionBehavior.PreventUsage)
As a general rule, in an unrestricted environment, any connection string that is not allowed is restricted and throws a security exception.
If a connection string fragment contains key-value pairs for the password
and proxy password
attributes, then values for these attributes are ignored. However, the presence of the attributes themselves is still checked. This means that the connection is allowed only if the password
and proxy attributes
keywords are allowed in the connection string.
This method returns a copy of the current permission object.
Declaration
// C# public override IPermission Copy();
Return Value
A copy of the OraclePermission
object.
This method returns a boolean value that indicates whether or not the current permission is a subset of the target permission.
Declaration
// C#
public override bool IsSubsetOf(IPermission target);
Parameters
target
A permission that must be of type OraclePermission
.
Return Value
A bool
value that indicates whether or not the current permission is a subset of the target permission.
Exceptions
ArgumentException
- The permission is not of the OraclePermission
type.
Remarks
The AllowBlankPassword
property is ignored when evaluating whether or not the current permission is a subset of the target permission.